package com.kuang.controller;

import com.kuang.dao.impl.UserDaoImpl;
import com.kuang.pojo.User;
import com.kuang.utils.BaseUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.thymeleaf.util.StringUtils;

import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;

@Controller
public class LoginController {

    @Autowired
    UserDaoImpl userDaoImpl;

    /**
     * 登录
     * @param email 账号
     * @param password 密码
     * @param l 语言
     * @param model
     * @param request
     * @return
     */
    @RequestMapping(value = "/user/login", method = {RequestMethod.POST})
    public String login(
            @RequestParam("email") String email,
            @RequestParam("password") String password,
            @RequestParam(value = "l", required = false) String l,
            Model model,
            HttpServletRequest request
    ) {

//        // 自己写的的路拦截
//        if (!StringUtils.isEmpty(email) && password.equals("123456")) {
//            Map<String, String> user_info = new HashMap<>();
//            user_info.put("email", email);
//            user_info.put("password", password);
//            request.getSession().setAttribute("user_info", user_info);
//            return "redirect:/index";
//        }else {
//            return "redirect:/login?status=1";
//        }

        // shiro登录拦截
        // 获取当前的用户
        Subject subject = SecurityUtils.getSubject();

        // 封装用户的登录数据 因为用户注册时是使用md5对密码加密后才存进数据库的，所以在用户登录时也要对密码进行加密，加密后进行匹配；
        Object pwd = BaseUtils.encryptionMD5(password, email);
        UsernamePasswordToken token = new UsernamePasswordToken(email, pwd.toString());

        try {
            // 执行登录方法
            subject.login(token);
            return "redirect:/index";
        }catch (UnknownAccountException e) {
            // 用户名不存在
            return "redirect:/login?status=1";
        } catch (IncorrectCredentialsException e) {
            // 密码不存在
            return "redirect:/login?status=1";
        }
    }

    /**
     * 退出登录
     * @param request
     * @return
     */
    @RequestMapping(value = "/user/logout")
    public String logout(HttpServletRequest request) {
//        request.getSession().removeAttribute("user_info");
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "redirect:/index";
    }

    /**
     * 注册
     * @param name
     * @param email
     * @param password
     * @return
     */
    @RequestMapping(value = "/user/register", method = {RequestMethod.POST})
    public String register(
        @RequestParam("name") String name,
        @RequestParam("email") String email,
        @RequestParam("password") String password
    ) {
       if (!StringUtils.isEmpty(name) && !StringUtils.isEmpty(email) && !StringUtils.isEmpty(password)) {

           // 判断账号是否被注册过
           if (userDaoImpl.getUserByEmail(email) != null) {
               return "redirect:/register?status=2";
           }
           User user = new User();
           user.setEmail(email);
           user.setName(name);
           user.setPassword(password);
           userDaoImpl.saveUser(user);
           return "redirect:/login";
       }else {
           // 账号密码不能为空
           return "redirect:/register?status=1";
       }

    }
}
